NSO Group deeply involved in hacking our users: WhatsApp
WhatsApp has alleged that the Israeli group is connected to the hacks of 1,400 people including human rights activists
In new court filings WhatsApp has alleged that an "Israeli spyware company used US-based servers and was 'deeply involved' in carrying out mobile phone hacks of 1,400 WhatsApp users, including senior government officials, journalists, and human rights activists".
New claims emerging about the NSO Group allege that they are responsible for serious human rights violations, including hacking more than a dozen Indian journalists and Rwandan dissidents.
NSO Group has maintained for years that its spyware is bought by governments to track down terrorists and criminals and they have no knowledge of who exactly these governments are. Reports have it that Mexico and Saudi Arabia have used NSO's spyware.
The lawsuit filed by WhatsApp last year against NSO Group, first of a kind by any tech company, has revealed more technical details about how Pegasus (the hacking software) is "allegedly deployed against targets".
In court filings last week, WhatsApp said that its own "investigation into how Pegasus was used against 1,400 users last year showed that servers controlled by NSO Group - not its government clients - were an integral part of how the hacks were executed".
Also Read: Facebook claims NSO Group used US-based servers to target WhatsApp users
WhatsApp said that "victims of the hack received phone calls using its messaging app, and were infected with Pegasus".
WhatsApp then said - "NSO used a network of computers to monitor and update Pegasus after it was implanted on users' devices. These NSO-controlled computers served as the nerve centre through which NSO controlled its customers' operation and use of Pegasus."
According to WhatsApp, "NSO gained 'unauthorised access' to its servers by reverse-engineering the messaging app and then evading the company's security features that prevent manipulation of the company's call features".
As per the court filings, "One WhatsApp engineer who investigated the hacks said in a sworn statement submitted to the court that in 720 instances, the IP address of a remote server was included in the malicious code used in the attacks. The remote server, the engineer said, was based in Los Angeles and owned by a company whose data centre was used by NSO".
NSO has claimed in legal filings that they have no insight into how these government clients use hacking tools and therefore do not know who is being targeted.
Also Read: Pegasus creator NSO Group has a Covid-19 software: Why you should be worried
One expert, John Scott-Railton of Citizen Lab, who has worked with WhatsApp for the case, said - "NSO's control of the servers involved in the hack suggests the company would have had logs, including IP addresses, identifying the users who were being targeted".
"Whether or not NSO looks at those logs, who knows? But the fact that it could be done is contrary to what they say," Scott-Railton said.
In a statement to the Guardian, NSO stood by its earlier remarks.
Also Read: Facebook tried to buy Pegasus to monitor iPhone users: NSO Group
"Our products are used to stop terrorism, curb violent crime, and save lives. NSO Group does not operate the Pegasus software for its clients," the company said. "Our past statements about our business, and the extent of our interaction with our government intelligence and law enforcement agency customers, are accurate."
The company said it would file a response to the court in the coming days.
Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.